bug 125808 :

Reset the token name on token removal.
Check for token presence to reset the session handle.
Consolidate the NSS3 style TokenInit with the stan init so everything is in sync.
r=ddrinan

5 files changed, 39 insertions, 7 deletions

diff --git a/security/nss/lib/dev/devtoken.c b/security/nss/lib/dev/devtoken.c
index cc5709a4b..ae26e3fb4 100644
--- a/security/nss/lib/dev/devtoken.c
+++ b/security/nss/lib/dev/devtoken.c
@@ -195,6 +195,9 @@ nssToken_GetName
   NSSToken *tok
 )
 {
+    if (tok->name[0] == 0) {
+	(void) nssToken_IsPresent(tok);
+    } 
     return tok->name;
 }
 
@@ -233,6 +236,7 @@ nssToken_IsPresent
     ckrv = CKAPI(slot)->C_GetSlotInfo(slot->slotID, &slotInfo);
     if (ckrv != CKR_OK) {
 	nssSession_ExitMonitor(session);
+	token->name[0] = 0;
 	return PR_FALSE;
     }
     slot->ckFlags = slotInfo.flags;
@@ -245,6 +249,7 @@ nssToken_IsPresent
 	    session->handle = CK_INVALID_SESSION;
 	}
 	nssSession_ExitMonitor(session);
+	token->name[0] = 0;
 	return PR_FALSE;
     }
     /* token is present, use the session info to determine if the card
@@ -267,6 +272,7 @@ nssToken_IsPresent
 	/* token has been removed, need to refresh with new session */
 	nssrv = nssSlot_Refresh(slot);
 	if (nssrv != PR_SUCCESS) {
+	    token->name[0] = 0;
 	    return PR_FALSE;
 	}
 	return PR_TRUE;
diff --git a/security/nss/lib/pk11wrap/dev3hack.c b/security/nss/lib/pk11wrap/dev3hack.c
index 0cbd686aa..f6645c463 100644
--- a/security/nss/lib/pk11wrap/dev3hack.c
+++ b/security/nss/lib/pk11wrap/dev3hack.c
@@ -174,6 +174,23 @@ nssSlot_IsPermanent
 }
 
 NSS_IMPLEMENT PRStatus
+nssToken_Refresh(NSSToken *token)
+{
+    PK11SlotInfo *nss3slot;
+
+    if (!token) {
+	return PR_SUCCESS;
+    }
+    nss3slot = token->pk11slot;
+    token->defaultSession = nssSession_ImportNSS3Session(token->slot->arena,
+                                                       nss3slot->session,
+                                                       nss3slot->sessionLock,
+                                                       nss3slot->defRWSession);
+    nssToken_DestroyCertList(token);
+    return nssToken_LoadCerts(token);
+}
+
+NSS_IMPLEMENT PRStatus
 nssSlot_Refresh
 (
   NSSSlot *slot
@@ -183,15 +200,11 @@ nssSlot_Refresh
     if (PK11_InitToken(nss3slot, PR_FALSE) != SECSuccess) {
 	return PR_FAILURE;
     }
-    slot->token->defaultSession = nssSession_ImportNSS3Session(slot->arena,
-                                                       nss3slot->session,
-                                                       nss3slot->sessionLock,
-                                                       nss3slot->defRWSession);
-    nssToken_DestroyCertList(slot->token);
-    return nssToken_LoadCerts(slot->token);
+    return nssToken_Refresh(slot->token);
 }
 
 
+
 NSSTrustDomain *
 nssToken_GetTrustDomain(NSSToken *token)
 {
diff --git a/security/nss/lib/pk11wrap/dev3hack.h b/security/nss/lib/pk11wrap/dev3hack.h
index ae5b2fac5..a24eacd8f 100644
--- a/security/nss/lib/pk11wrap/dev3hack.h
+++ b/security/nss/lib/pk11wrap/dev3hack.h
@@ -48,6 +48,9 @@ nssToken_CreateFromPK11SlotInfo(NSSTrustDomain *td, PK11SlotInfo *nss3slot);
 NSS_EXTERN void
 nssToken_UpdateName(NSSToken *);
 
+NSS_EXTERN PRStatus
+nssToken_Refresh(NSSToken *);
+
 NSSTrustDomain *
 nssToken_GetTrustDomain(NSSToken *token);
 
diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c
index f2b128491..361376c70 100644
--- a/security/nss/lib/pk11wrap/pk11cert.c
+++ b/security/nss/lib/pk11wrap/pk11cert.c
@@ -702,7 +702,6 @@ PK11_GetCertFromPrivateKey(SECKEYPrivateKey *privKey)
     CK_OBJECT_HANDLE handle = privKey->pkcs11ID;
     CK_OBJECT_HANDLE certID = 
 		PK11_MatchItem(slot,handle,CKO_CERTIFICATE);
-    SECStatus rv;
     CERTCertificate *cert;
 
     if (certID == CK_INVALID_HANDLE) {
@@ -1378,6 +1377,10 @@ PK11_FindCertFromNickname(char *nickname, void *wincx) {
 	nssTokenCertSearch search;
 	struct token_cbstr token_cb;
 	nssList *certList;
+
+	if (!PK11_IsPresent(slot)) {
+		return NULL;
+	}
 	if (!PK11_IsFriendly(slot)) {
 	    if (PK11_Authenticate(slot, PR_TRUE, wincx) != SECSuccess) {
 		PK11_FreeSlot(slot);
diff --git a/security/nss/lib/pk11wrap/pk11slot.c b/security/nss/lib/pk11wrap/pk11slot.c
index 136789fb6..b4c557496 100644
--- a/security/nss/lib/pk11wrap/pk11slot.c
+++ b/security/nss/lib/pk11wrap/pk11slot.c
@@ -1783,6 +1783,8 @@ PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts)
 	if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
     }
 
+    nssToken_Refresh(slot->nssToken);
+
     if (!(slot->needLogin)) {
 	return pk11_CheckVerifyTest(slot);
     }
@@ -1824,6 +1826,7 @@ PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts)
 	    }
 	}
     }
+
 	
     return SECSuccess;
 }
@@ -1942,6 +1945,10 @@ pk11_IsPresentCertLoad(PK11SlotInfo *slot, PRBool loadCerts)
 	return PR_TRUE;
     }
 
+    if (slot->nssToken) {
+	return nssToken_IsPresent(slot->nssToken);
+    }
+
     /* removable slots have a flag that says they are present */
     if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);
     if (PK11_GETTAB(slot)->C_GetSlotInfo(slot->slotID,&slotInfo) != CKR_OK) {